<?php
/* 
 * Author: Quan Van Sinh
 * Email: sinhvnb@vietnambiz.com
 */
function getAllPermission(){
    global $DB;
    $sql="SELECT * FROM permission ORDER BY username";
    $rsAllPermission = $DB->query($sql);
    return $rsAllPermission;
}

function checkPermissionExist($username,$module){
    global $DB;
    $sql="SELECT * FROM permission WHERE username='".mysql_escape_string($username)."' AND deny_modules = '".mysql_escape_string($module)."'";
    $rsPermission = $DB->query_first($sql);
    if($rsPermission['username']==$username AND $rsPermission['deny_modules']==$module){
        return FALSE;
    }else{
        return TRUE;
    }
}

function permissionAction(){
    if(isset($_POST['permissionActionType'])){
        $actionType = $_REQUEST['permissionActionType'];
        switch ($actionType) {
            case 'addPermission':
                addPermission();
                break;
            case 'editPermission':
                if(isset($_POST['id'])){
                    editPermission($_POST['id']);
                }else{
                    getAllPermission();
                }
                break;
            case 'updatePermission':
                if(isset($_POST['edId'])){
                    updatePermission($_POST['edId']);
                }else{
                    getAllPermission();
                }
                break;
            case 'deletePermission':
                if(isset($_POST['id'])){
                    deletePermission($_POST['id']);
                }else{
                    getAllPermission();
                }
                break;
            default:
                getAllPermission();
        }
    }
}

function addPermission(){
    global $DB;
    $username = filter($_POST['username']);
    $denyModules = filter($_POST['denyModules']);
    if(checkPermissionExist($username,$denyModules)){
        $addPermissionSql = "INSERT INTO permission (username,deny_modules) VALUES('$username','$denyModules')";
        $DB->query($addPermissionSql);
        $_SESSION['rsMessages'] = "Add new permission successfull!";
    }else{
        $_SESSION['rsMessages'] = "Permission already exist!";
    }
    
    
}

function editPermission($id){
    global $DB;
    $editPermissionSql = "SELECT * FROM permission WHERE id = ".intval($id);
    $editRS = $DB->query_first($editPermissionSql);
    echo json_encode(array("id"=>$editRS['id'],"username"=>$editRS['username'],"deny_modules"=>$editRS['deny_modules']));
    die;
}

function updatePermission($id){
    global $DB;
    $username = filter($_POST['edUsername']);
    $denyModules = filter($_POST['edDenyModules']);
    $updatePermissionSql = "UPDATE permission SET username='$username', deny_modules='$denyModules' WHERE id = ".intval($id);
    $DB->query($updatePermissionSql);
    $_SESSION['rsMessages'] = "Update permission infomations successfull!";
}

function deletePermission($id){
    global $DB;
    $deletePermissionSql = "DELETE FROM permission WHERE id = ".intval($id);
    $DB->query($deletePermissionSql);
    $_SESSION['rsMessages'] = "Delete permission successfull!";
    die;
}
?>
